print '<title>' . $GLOBALS["strPreferencesTitle"] . '</title>';
print $subscribepagedata["header"];
if (!TEST) {
if ($emailchanged) {
if (sendMail($data["email"], getConfig("updatesubject"), $oldaddressmessage, system_messageheaders($email), '') && sendMail($email, getConfig("updatesubject"), $newaddressmessage, system_messageheaders($email), '')) {
$ok = 1;
sendAdminCopy("Lists information changed", "\n" . $data["email"] . " has changed their information.\n\nThe email has changed to {$email}.\n\n{$history_entry}");
addUserHistory($email, "Change", $history_entry);
} else {
$ok = 0;
}
} else {
if (sendMail($email, getConfig("updatesubject"), $message, system_messageheaders($email), '')) {
$ok = 1;
sendAdminCopy("Lists information changed", "\n" . $data["email"] . " has changed their information\n\n{$history_entry}");
addUserHistory($email, "Change", $history_entry);
} else {
$ok = 0;
}
}
} else {
$ok = 1;
}
if ($ok) {
print '<h3>' . $GLOBALS["strPreferencesUpdated"] . '</h3>';
if ($emailchanged) {
echo $strPreferencesEmailChanged;
}
print "<br/>";
echo $strPreferencesNotificationSent;
} else {
if ($isValid) {
## I guess everyone will import all their users wanting to receive HTML ....
$query = sprintf('insert into %s (email,entered,htmlemail,confirmed,uniqid)
values("%s",now(),1,1,"%s")', $tables["user"], $line, $uniqid);
$result = Sql_query($query, 1);
$userid = Sql_insert_id();
if (empty($userid)) {
$count['duplicate']++;
## mark the subscriber confirmed, don't touch blacklisted
## hmm, maybe not, can be done on the reconcile page
# Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $tables["user"], $line));
$idreq = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $tables["user"], $line));
$userid = $idreq[0];
} else {
$count['imported']++;
addUserHistory($line, $GLOBALS['I18N']->get('import_by') . ' ' . adminName(), '');
}
## do not add them to the list(s) when blacklisted
$isBlackListed = isBlackListed($line);
if (!$isBlackListed) {
$count['addedtolist']++;
foreach ($selected_lists as $k => $listid) {
$query = "replace into " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())";
$result = Sql_query($query);
}
} else {
$count['foundonblacklist']++;
}
} else {
$count['invalid']++;
$rejectReport['invalid'] .= "\n" . $line;
function processBounceData($bounceid, $msgid, $userid)
{
global $tables;
$useremailQ = Sql_fetch_row_query(sprintf('select email from %s where id = %d', $tables['user'], $userid));
$useremail = $useremailQ[0];
if ($msgid === "systemmessage" && !empty($userid)) {
Sql_Query(sprintf('update %s
set status = "bounced system message",
comment = "%s marked unconfirmed"
where id = %d', $tables["bounce"], $userid, $bounceid));
logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, user marked unconfirmed"));
addUserHistory($useremail, $GLOBALS['I18N']->get("Bounced system message"), "\n <br/>" . $GLOBALS['I18N']->get("User marked unconfirmed") . "\n <br/><a href=\"./?page=bounce&id={$bounceid}\">" . $GLOBALS['I18N']->get("View Bounce") . "</a>\n\n ");
Sql_Query(sprintf('update %s
set confirmed = 0
where id = %d', $tables["user"], $userid));
} elseif (!empty($msgid) && !empty($userid)) {
## check if we already have this um as a bounce
## so that we don't double count "delayed" like bounces
$exists = Sql_Fetch_Row_Query(sprintf('select count(*) from %s where user = %d and message = %d', $tables["user_message_bounce"], $userid, $msgid));
if (empty($exists[0])) {
Sql_Query(sprintf('insert into %s
set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
Sql_Query(sprintf('update %s
set status = "bounced list message %d",
comment = "%s bouncecount increased"
where id = %d', $tables["bounce"], $msgid, $userid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["message"], $msgid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["user"], $userid));
} else {
## we create the relationship, but don't increase counters
Sql_Query(sprintf('insert into %s
set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
## we cannot translate this text
Sql_Query(sprintf('update %s
set status = "duplicate bounce for %d",
comment = "duplicate bounce for subscriber %d on message %d"
where id = %d', $tables["bounce"], $userid, $userid, $msgid, $bounceid));
}
} elseif ($userid) {
Sql_Query(sprintf('update %s
set status = "bounced unidentified message",
comment = "%s bouncecount increased"
where id = %d', $tables["bounce"], $userid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["user"], $userid));
} elseif ($msgid === 'systemmessage') {
Sql_Query(sprintf('update %s
set status = "bounced system message",
comment = "unknown user"
where id = %d', $tables["bounce"], $bounceid));
logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, but unknown user"));
} elseif ($msgid) {
Sql_Query(sprintf('update %s
set status = "bounced list message %d",
comment = "unknown user"
where id = %d', $tables["bounce"], $msgid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["message"], $msgid));
} else {
Sql_Query(sprintf('update %s
set status = "unidentified bounce",
comment = "not processed"
where id = %d', $tables["bounce"], $bounceid));
return false;
}
return true;
}
if (!isset($page)) {
global $page;
}
if (!isset($ZBX_PAGE_POST_JS)) {
global $ZBX_PAGE_POST_JS;
}
if (!defined('PAGE_HEADER_LOADED')) {
define('PAGE_HEADER_LOADED', 1);
}
// history
if (isset($page['hist_arg']) && CWebUser::$data['alias'] != ZBX_GUEST_USER && $page['type'] == PAGE_TYPE_HTML && !defined('ZBX_PAGE_NO_MENU')) {
// if URL length is greater than DB field size, skip history update
$url = getHistoryUrl($page);
if ($url) {
DBstart();
$result = addUserHistory($page['title'], $url);
DBend($result);
}
}
// last page
if (!defined('ZBX_PAGE_NO_MENU') && $page['file'] != 'profile.php') {
CProfile::update('web.paging.lastpage', $page['file'], PROFILE_TYPE_STR);
}
if (CProfile::isModified()) {
DBstart();
$result = CProfile::flush();
DBend($result);
}
// end transactions if they have not been closed already
if (isset($DB) && isset($DB['TRANSACTIONS']) && $DB['TRANSACTIONS'] != 0) {
error(_('Transaction has not been closed. Aborting...'));
function sendMail($to, $subject, $message, $header = "", $parameters = "")
{
# mail($to,$subject,$message);
dbg("mail {$to} {$subject}");
if (!$to) {
logEvent("Error: empty To: in message with subject {$subject} to send");
return 0;
} elseif (!$subject) {
logEvent("Error: empty Subject: in message to send to {$to}");
return 0;
}
if (isBlackListed($to)) {
logEvent("Error, {$to} is blacklisted, not sending");
Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $this->tables["user"], $to));
addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
return 0;
}
$v = phpversion();
$v = preg_replace("/\\-.*\$/", "", $v);
$header .= "X-Mailer: webbler/phplist v" . VERSION . ' (http://www.phplist.com)' . "\n";
$from_address = $this->getConfig("message_from_address");
$from_name = $this->getConfig("message_from_name");
if ($from_name) {
$header .= "From: \"{$from_name}\" <{$from_address}>\n";
} else {
$header .= "From: {$from_address}\n";
}
$message_replyto_address = $this->getConfig("message_replyto_address");
if ($message_replyto_address) {
$header .= "Reply-To: {$message_replyto_address}\n";
} else {
$header .= "Reply-To: {$from_address}\n";
}
$v = VERSION;
$v = ereg_replace("-dev", "", $v);
$header .= "X-MessageID: systemmessage\n";
if ($useremail) {
$header .= "X-User: "******"\n";
}
if ($this->message_envelope) {
$header = rtrim($header);
if ($header) {
$header .= "\n";
}
$header .= "Errors-To: " . $this->message_envelope;
if (!$parameters || !ereg("-f" . $this->message_envelope)) {
$parameters = '-f' . $this->message_envelope;
}
}
if (!ereg("dev", VERSION)) {
if (mail($to, $subject, $message, $header, $parameters)) {
return 1;
} else {
return mail($to, $subject, $message, $header);
}
} else {
# send mails to one place when running a test version
$message = "To: {$to}\n" . $message;
if ($this->developer_email) {
return mail($this->developer_email, $subject, $message, $header, $parameters);
} else {
print "Error: Running CVS version, but developer_email not set";
}
}
}
$listmembership = array();
$req = Sql_Query("select * from {$tables['listuser']} where userid = {$userid}");
while ($row = Sql_Fetch_Array($req)) {
$listmembership[$row['listid']] = listName($row['listid']);
}
$history_entry .= "\n" . $GLOBALS['I18N']->get('List subscriptions:') . "\n";
foreach ($old_listmembership as $key => $val) {
$history_entry .= $GLOBALS['I18N']->get('Was subscribed to:') . " {$val}\n";
}
foreach ($listmembership as $key => $val) {
$history_entry .= $GLOBALS['I18N']->get('Is now subscribed to:') . " {$val}\n";
}
if (!count($listmembership)) {
$history_entry .= $GLOBALS['I18N']->get('Not subscribed to any lists') . "\n";
}
addUserHistory($email, $GLOBALS['I18N']->get('Import by ') . adminName(), $history_entry);
}
// end if
}
// end while
# lets be gramatically correct :-)
$displists = $num_lists == 1 ? $GLOBALS['I18N']->get('list') : $GLOBALS['I18N']->get('lists');
$dispemail = $count_email_add == 1 ? $GLOBALS['I18N']->get('new email was') : $GLOBALS['I18N']->get('new emails were');
$dispemail2 = $additional_emails == 1 ? $GLOBALS['I18N']->get('email was') : $GLOBALS['I18N']->get('emails were');
if ($count_email_exist) {
$report .= '<br/> ' . s('%d emails already existed in the database', $count_email_exist);
}
if (!$some && !$additional_emails) {
$report .= '<br/>' . s('All the emails already exist in the database.');
} else {
$report .= "<br/>{$count_email_add} {$dispemail} " . s('succesfully imported to the database and added to') . " {$num_lists} {$displists}.<br/>{$additional_emails} {$dispemail2} " . $GLOBALS['I18N']->get('subscribed to the') . " {$displists}";
function sendMail($to, $subject, $message, $header = "", $parameters = "", $skipblacklistcheck = 0)
{
if (TEST) {
return 1;
}
# do a quick check on mail injection attempt, @@@ needs more work
if (preg_match("/\n/", $to)) {
logEvent("Error: invalid recipient, containing newlines, email blocked");
return 0;
}
if (preg_match("/\n/", $subject)) {
logEvent("Error: invalid subject, containing newlines, email blocked");
return 0;
}
if (!$to) {
logEvent("Error: empty To: in message with subject {$subject} to send");
return 0;
} elseif (!$subject) {
logEvent("Error: empty Subject: in message to send to {$to}");
return 0;
}
if (!$skipblacklistcheck && isBlackListed($to)) {
logEvent("Error, {$to} is blacklisted, not sending");
Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $to));
addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
return 0;
}
if ($GLOBALS['usephpmailer']) {
return sendMailPhpMailer($to, $subject, $message);
} else {
return sendMailOriginal($to, $subject, $message, $header, $parameters);
}
return 0;
}
function unBlackList($userid = 0)
{
if (!$userid) {
return;
}
$email = Sql_Fetch_Row_Query("select email from {$GLOBALS["tables"]["user"]} where id = {$userid}");
Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist"], $email[0]));
Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist_data"], $email[0]));
Sql_Query(sprintf('update %s set blacklisted = 0 where id = %d', $GLOBALS["tables"]["user"], $userid));
if (isset($_SESSION["logindetails"]["adminname"])) {
$msg = "Removed from blacklist by " . $_SESSION["logindetails"]["adminname"];
addUserHistory($email[0], $msg, "");
}
}
foreach ($unsubscribed_to as $key => $desc) {
$history_entry .= "Unsubscribed from {$desc}\n";
}
} else {
$history_entry .= "\nList subscriptions:\n";
foreach ($old_listmembership as $key => $val) {
$history_entry .= "Was subscribed to: {$val}\n";
}
foreach ($listmembership as $key => $val) {
$history_entry .= "Is now subscribed to: {$val}\n";
}
if (!sizeof($listmembership)) {
$history_entry .= "Not subscribed to any lists\n";
}
}
addUserHistory($email, "Update by " . adminName($_SESSION["logindetails"]["id"]), $history_entry);
if ($newuser) {
Redirect("user&id={$id}");
exit;
}
Info($GLOBALS['I18N']->get('Changes saved'));
}
if (isset($delete) && $delete && $access != "view") {
# delete the index in delete
print $GLOBALS['I18N']->get('Deleting') . " {$delete} ..\n";
if ($require_login && !isSuperUser()) {
$lists = Sql_query("SELECT listid FROM {$tables["listuser"]},{$tables["list"]} where userid = " . $delete . " and {$tables['listuser']}.listid = {$tables['list']}.id {$subselect} ");
while ($lst = Sql_fetch_array($lists)) {
Sql_query("delete from {$tables["listuser"]} where userid = {$delete} and listid = {$lst['0']}");
}
} else {
function unsubscribePage($id)
{
$pagedata = pageData($id);
if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $pagedata['language_file'])) {
@(include dirname(__FILE__) . '/texts/' . $pagedata['language_file']);
}
global $tables;
$res .= '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>';
$res = $pagedata["header"];
if (isset($_GET["uid"])) {
$req = Sql_Query("select * from {$tables['user']} where uniqid = \"" . $_GET["uid"] . "\"");
$userdata = Sql_Fetch_Array($req);
$email = $userdata["email"];
if (UNSUBSCRIBE_JUMPOFF) {
$_POST["unsubscribe"] = 1;
$_POST["email"] = $email;
$_POST["unsubscribereason"] = '"Jump off" set, reason not requested';
}
}
if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) {
if (isset($_POST["email"])) {
$email = trim($_POST["email"]);
} else {
$email = $_POST["unsubscribeemail"];
}
$query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"{$email}\"");
$userid = $query[0];
$email = $query[1];
if (!$userid) {
$res .= 'Error: ' . $GLOBALS["strUserNotFound"];
logEvent("Request to unsubscribe non-existent user: "******"email"], 0, 150));
} else {
$result = Sql_query("delete from {$tables["listuser"]} where userid = \"{$userid}\"");
$lists = " * " . $GLOBALS["strAllMailinglists"] . "\n";
# add user to blacklist
addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}");
$unsubscribemessage = ereg_replace("\\[LISTS\\]", $lists, getUserConfig("unsubscribemessage", $userid));
sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email));
$reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given";
sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}");
addSubscriberStatistics('unsubscription', 1);
}
if ($userid) {
$res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>";
}
$res .= $GLOBALS["PoweredBy"] . '</p>';
$res .= $pagedata["footer"];
return $res;
} elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) {
$msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
} elseif (!empty($_GET["email"])) {
$email = trim($_GET["email"]);
} else {
if (isset($_REQUEST["email"])) {
$email = $_REQUEST["email"];
} elseif (isset($_REQUEST['unsubscribeemail'])) {
$email = $_REQUEST['unsubscribeemail'];
} elseif (!isset($email)) {
$email = '';
}
}
if (!isset($msg)) {
$msg = '';
}
$res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart();
$res .= '<table>
<tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name="unsubscribeemail" value="' . $email . '" size=40></td></tr>
</table>';
if (!$email) {
$res .= "<input type=submit name=unsubscribe value=\"{$GLOBALS['strContinue']}\"></form>\n";
$res .= $GLOBALS["PoweredBy"];
$res .= $pagedata["footer"];
return $res;
}
$current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM {$tables['list']} as list,{$tables['listuser']} as listuser,{$tables['user']} as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"{$email}\"");
$some = $current["listid"];
if (ASKFORPASSWORD && !empty($user['password'])) {
# it is safe to link to the preferences page, because it will still ask for
# a password
$hash = $current["userhash"];
} elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
# they got to this page from a link in an email
$hash = $current['userhash'];
} else {
$hash = '';
}
$finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
$pref_url = getConfig("preferencesurl");
$sep = ereg('\\?', $pref_url) ? '&' : '?';
$finaltext = eregi_replace('\\[preferencesurl\\]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
if (!$some) {
$res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>";
$res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">';
} else {
list($r, $c) = explode(",", getConfig("textarea_dimensions"));
if (!$r) {
$r = 5;
}
if (!$c) {
$c = 65;
}
$res .= $GLOBALS["strUnsubscribeRequestForReason"];
$res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . '
' . $finaltext . '
<p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>';
}
$res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
$res .= $pagedata["footer"];
return $res;
}
function sendMail($to, $subject, $message, $header = "", $parameters = "")
{
mail($to, $subject, $message);
dbg("mail {$to} {$subject}");
if (TEST) {
return 1;
}
if (!$to) {
logEvent("Error: empty To: in message with subject {$subject} to send");
return 0;
} elseif (!$subject) {
logEvent("Error: empty Subject: in message to send to {$to}");
return 0;
}
if (isBlackListed($to)) {
logEvent("Error, {$to} is blacklisted, not sending");
Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $to));
addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
return 0;
}
$v = phpversion();
$v = preg_replace("/\\-.*\$/", "", $v);
if ($GLOBALS["message_envelope"]) {
$header = rtrim($header);
if ($header) {
$header .= "\n";
}
$header .= "Errors-To: " . $GLOBALS["message_envelope"];
if (!$parameters || !ereg("-f" . $GLOBALS["message_envelope"], $parameters)) {
$parameters = '-f' . $GLOBALS["message_envelope"];
}
}
$header .= "X-Mailer: PHPlist v" . VERSION . ' (http://www.phplist.com)' . "\n";
if (WORKAROUND_OUTLOOK_BUG) {
$header = rtrim($header);
if ($header) {
$header .= "\n";
}
$header .= "X-Outlookbug-fixed: Yes";
$message = preg_replace("/\r?\n/", "\r\n", $message);
}
if (!ereg("dev", VERSION)) {
if ($v > "4.0.5" && !ini_get("safe_mode")) {
if (mail($to, $subject, $message, $header, $parameters)) {
return 1;
} else {
return mail($to, $subject, $message, $header);
}
} else {
return mail($to, $subject, $message, $header);
}
} else {
# send mails to one place when running a test version
$message = "To: {$to}\n" . $message;
if ($GLOBALS["developer_email"]) {
return mail($GLOBALS["developer_email"], $subject, $message, $header, $parameters);
} else {
print "Error: Running CVS version, but developer_email not set";
}
}
}
}
$current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables['user'], $userid));
$current_data = array_merge($current_data, getUserAttributeValues('', $userid));
$information_changed = 0;
foreach ($current_data as $key => $val) {
if (!is_numeric($key)) {
if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != 'password' && $key != 'modified') {
$information_changed = 1;
$history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n";
}
}
}
if (!$information_changed) {
$history_entry .= "\nNo user details changed";
}
addUserHistory($user['systemvalues']['email'], 'Import by ' . adminName(), $history_entry);
}
#add this user to the lists identified, except when they are blacklisted
$isBlackListed = isBlackListed($user['systemvalues']['email']);
if (!$isBlackListed && is_array($_SESSION['lists'])) {
reset($_SESSION['lists']);
$addition = 0;
$listoflists = '';
while (list($key, $listid) = each($_SESSION['lists'])) {
$query = 'replace INTO ' . $tables['listuser'] . " (userid,listid,entered) values({$userid},{$listid},now())";
$result = Sql_query($query, 1);
# if the affected rows is 2, the user was already subscribed
$addition = $addition || Sql_Affected_Rows() == 1;
$listoflists .= ' * ' . listName($key) . "\n";
# $_SESSION["listname"][$key] . "\n";
}
$old_data[$key] = s('(no data)');
}
$history_entry .= "{$key} = {$val}\n" . s('changed from') . " {$old_data[$key]}\n";
}
}
}
if (!$history_entry) {
$history_entry = "\n" . s('No data changed') . "\n";
}
foreach ($subscribed_to as $key => $desc) {
$history_entry .= s('Subscribed to %s', $desc) . "\n";
}
foreach ($unsubscribed_from as $key => $desc) {
$history_entry .= s('Unsubscribed from %s', $desc) . "\n";
}
addUserHistory($email, s('Update by %s', adminName($_SESSION['logindetails']['id'])), $history_entry);
if (empty($newuser)) {
$_SESSION['action_result'] = s('Changes saved') . $feedback;
}
Redirect("user&id={$id}");
exit;
}
/************ END <whitout_error IF block> (start in line 71) **********************/
}
if (isset($delete) && $delete && $access != 'view') {
verifyCsrfGetToken();
# delete the index in delete
$_SESSION['action_result'] = s('Deleting') . " {$delete} ..\n";
if ($require_login && !isSuperUser()) {
$lists = Sql_query("SELECT listid FROM {$tables['listuser']},{$tables['list']} where userid = " . $delete . " and {$tables['listuser']}.listid = {$tables['list']}.id {$subselect} ");
while ($lst = Sql_fetch_array($lists)) {
/**
* Add a Subscriber with lists.
*
* <p><strong>Parameters:</strong><br/>
* [*email] {string} the email address of the Subscriber.<br/>
* [*foreignkey] {string} Foreign key.<br/>
* [*htmlemail] {integer} 1=html emails, 0=no html emails.<br/>
* [*subscribepage] {integer} subscribepage to sign up to.<br/>
* [*lists] {string} comma-separated list IDs.<br/>
* </p>
* <p><strong>Returns:</strong><br/>
* The added Subscriber.
* </p>
*/
public static function subscribe()
{
$sql = 'INSERT INTO ' . $GLOBALS['tables']['user'] . '
(email, htmlemail, foreignkey, subscribepage, entered, uniqid)
VALUES (:email, :htmlemail, :foreignkey, :subscribepage, now(), :uniqid);';
$uniqueID = Common::createUniqId();
$subscribePage = sprintf('%d', $_REQUEST['subscribepage']);
if (!validateEmail($_REQUEST['email'])) {
Response::outputErrorMessage('invalid email address');
}
$listNames = '';
$lists = explode(',', $_REQUEST['lists']);
try {
$db = PDO::getConnection();
$stmt = $db->prepare($sql);
$stmt->bindParam('email', $_REQUEST['email'], PDO::PARAM_STR);
$stmt->bindParam('htmlemail', $_REQUEST['htmlemail'], PDO::PARAM_BOOL);
/* @@todo ensure uniqueness of FK */
$stmt->bindParam('foreignkey', $_REQUEST['foreignkey'], PDO::PARAM_STR);
$stmt->bindParam('subscribepage', $subscribePage, PDO::PARAM_INT);
$stmt->bindParam('uniqid', $uniqueID, PDO::PARAM_STR);
$stmt->execute();
$subscriberId = $db->lastInsertId();
foreach ($lists as $listId) {
$stmt = $db->prepare('replace into ' . $GLOBALS['tables']['listuser'] . ' (userid,listid,entered) values(:userid,:listid,now())');
$stmt->bindParam('userid', $subscriberId, PDO::PARAM_INT);
$stmt->bindParam('listid', $listId, PDO::PARAM_INT);
$stmt->execute();
$listNames .= "\n * " . listname($listId);
}
$subscribeMessage = getUserConfig("subscribemessage:{$subscribePage}", $subscriberId);
$subscribeMessage = str_replace('[LISTS]', $listNames, $subscribeMessage);
$subscribePage = sprintf('%d', $_REQUEST['subscribepage']);
sendMail($_REQUEST['email'], getConfig("subscribesubject:{$subscribePage}"), $subscribeMessage);
addUserHistory($_REQUEST['email'], 'Subscription', 'Subscription via the Rest-API plugin');
$db = null;
self::SubscriberGet($subscriberId);
} catch (\Exception $e) {
Response::outputError($e);
}
}
++$unconfirmed;
# when running from commandline we mark it as sent, otherwise we might get
# stuck when using batch processing
# if ($GLOBALS["commandline"]) {
$um = Sql_query("replace into {$tables['usermessage']} (entered,userid,messageid,status) values(now(),{$userid},{$messageid},\"unconfirmed user\")");
# }
} elseif ($user['email'] || $user['id']) {
if (VERBOSE) {
processQueueOutput(s('Invalid email address') . ': ' . $user['email'] . ' ' . $user['id']);
}
logEvent(s('Invalid email address') . ': userid ' . $user['id'] . ' email ' . $user['email']);
# mark it as sent anyway
if ($user['id']) {
$um = Sql_query(sprintf('replace into %s (entered,userid,messageid,status) values(now(),%d,%d,"invalid email address")', $tables['usermessage'], $userid, $messageid));
Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $GLOBALS['tables']['user'], $user['id']));
addUserHistory($user['email'], s('Subscriber marked unconfirmed for invalid email address'), s('Marked unconfirmed while sending campaign %d', $messageid));
}
++$counters['invalid'];
}
}
} else {
## and this is quite historical, and also unlikely to be every called
# because we now exclude users who have received the message from the
# query to find users to send to
## when trying to send the message, it was already marked for this user
## June 2010, with the multiple send process extension, that's quite possible to happen again
$um = Sql_Fetch_Row($um);
++$notsent;
if (VERBOSE) {
processQueueOutput($GLOBALS['I18N']->get('Not sending to') . ' ' . $userid . ', ' . $GLOBALS['I18N']->get('already sent') . ' ' . $um[0]);
}
<?php
if (empty($_SESSION['last_addemail'])) {
$_SESSION['last_addemail'] = 0;
}
if (!defined('PHPLISTINIT')) {
die;
}
verifyCsrfGetToken();
if (!empty($_GET['email'])) {
$delay = time() - $_SESSION['last_addemail'];
if (!validateEmail($_GET['email'])) {
$status = s('That is not a valid email address');
} elseif ($delay > ADD_EMAIL_THROTTLE) {
$_SESSION['last_addemail'] = time();
Sql_Query(sprintf('insert into %s (email,uniqid,htmlemail,entered) values("%s","%s",1,now())', $GLOBALS['tables']['user'], sql_escape($_GET['email']), getUniqid()), 1);
addUserHistory($_GET['email'], s('Added by %s', adminName()), s('Added with add-email on test'));
$status = s('Email address added');
} else {
# pluginsCall('processError','Error adding email address, throttled');
foreach ($GLOBALS['plugins'] as $plname => $plugin) {
$plugin->processError('Add email throttled ' . $delay);
}
$status = s('Adding email address failed, try again later');
}
}
function unsubscribePage($id)
{
global $tables;
$email = '';
$userid = 0;
$msg = '';
## for unsubscribe, don't validate host
$GLOBALS['check_for_host'] = 0;
$res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n";
$res .= $GLOBALS['pagedata']['header'];
if (isset($_GET['uid'])) {
$userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid'])));
$email = $userdata['email'];
$userid = $userdata['id'];
$isBlackListed = $userdata['blacklisted'] != '0';
$blacklistRequest = false;
} else {
if (isset($_REQUEST['email'])) {
$email = $_REQUEST['email'];
}
if (!validateEmail($email)) {
$email = '';
}
#0013076: Blacklisting posibility for unknown users
# Set flag for blacklisting
$blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
# only proceed when user has confirm the form
if ($blacklistRequest && is_email($email)) {
$_POST['unsubscribe'] = 1;
$_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist');
}
}
if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
$_POST['unsubscribe'] = 1;
$_REQUEST['email'] = $email;
if (!empty($_GET['jo'])) {
$blacklistRequest = true;
$_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested');
} else {
$_POST['unsubscribereason'] = s('"Jump off" set, reason not requested');
}
}
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
# print $pluginname.'<br/>';
if ($plugin->unsubscribePage($email)) {
return;
}
}
if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
## all conditions met, do the unsubscribe
#0013076: Blacklisting posibility for unknown users
// It would be better to do this above, where the email is set for the other cases.
// But to prevent vulnerabilities let's keep it here for now. [bas]
if (!$blacklistRequest) {
$query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"', $tables['user'], sql_escape($email)));
$userid = $query[0];
$email = $query[1];
$isBlackListed = !empty($query[2]);
}
if (!$userid) {
#0013076: Blacklisting posibility for unknown users
if ($blacklistRequest && !empty($email)) {
addUserToBlacklist($email, $_POST['unsubscribereason']);
addSubscriberStatistics('blacklist', 1);
$res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>';
} else {
$res .= $GLOBALS['strNoListsFound'];
#'Error: '.$GLOBALS["strUserNotFound"];
logEvent('Request to unsubscribe non-existent user: '******'select listid from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid));
while ($row = Sql_Fetch_Row($listsreq)) {
array_push($subscriptions, $row[0]);
}
## 17753 - do not actually remove the list-membership when unsubscribing
# $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid));
$lists = ' * ' . $GLOBALS['strAllMailinglists'] . "\n";
if (empty($isBlackListed)) {
// only process when not already marked as blacklisted
# add user to blacklist
addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}");
$unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true);
$reason = $_POST['unsubscribereason'] ? "Reason given:\n" . stripslashes($_POST['unsubscribereason']) : 'No Reason given';
sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions);
addSubscriberStatistics('unsubscription', 1);
}
}
if ($userid) {
$res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>';
}
#0013076: Blacklisting posibility for unknown users
//if ($blacklistRequest) {
//$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
//}
$res .= $GLOBALS['PoweredBy'] . '</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
} elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) {
$msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>';
}
$res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';
if (!isset($_POST['email']) || empty($email)) {
$res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>';
} else {
$res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS['strEmail'] . ': ' . $email . '</p>';
}
if (!$email) {
$res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
$res .= $GLOBALS['PoweredBy'];
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
$current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password
from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"', $tables['list'], $tables['listuser'], $tables['user'], sql_escape($email)));
$some = $current['listid'];
if (ASKFORPASSWORD && !empty($user['password'])) {
# it is safe to link to the preferences page, because it will still ask for
# a password
$hash = $current['userhash'];
} elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
# they got to this page from a link in an email
$hash = $current['userhash'];
} else {
$hash = '';
}
$finaltext = $GLOBALS['strUnsubscribeFinalInfo'];
$pref_url = getConfig('preferencesurl');
$sep = strpos($pref_url, '?') !== false ? '&' : '?';
$finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
if (!$some) {
#0013076: Blacklisting posibility for unknown users
if (!$blacklistRequest) {
$res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>';
}
$res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">';
} else {
if ($blacklistRequest) {
$res .= $GLOBALS['strExplainBlacklist'];
} elseif (!UNSUBSCRIBE_JUMPOFF) {
list($r, $c) = explode(',', getConfig('textarea_dimensions'));
if (!$r) {
$r = 5;
}
if (!$c) {
$c = 65;
}
$res .= $GLOBALS['strUnsubscribeRequestForReason'];
$res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
}
$res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>';
}
$res .= '</form>';
$res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
print '<title>' . $GLOBALS['strPreferencesTitle'] . '</title>';
print $subscribepagedata['header'];
if (!TEST) {
if ($emailchanged) {
if (sendMail($data['email'], getConfig('updatesubject'), $oldaddressmessage, system_messageheaders($email), $envelope) && sendMail($email, getConfig('updatesubject'), $newaddressmessage, system_messageheaders($email), $envelope)) {
$ok = 1;
sendAdminCopy('Lists information changed', "\n" . $data['email'] . " has changed their information.\n\nThe email has changed to {$email}.\n\n{$history_entry}", $subscriptions);
addUserHistory($email, 'Change', $history_entry);
} else {
$ok = 0;
}
} else {
if (sendMail($email, getConfig('updatesubject'), $message, system_messageheaders($email), $envelope)) {
$ok = 1;
sendAdminCopy('Lists information changed', "\n" . $data['email'] . " has changed their information\n\n{$history_entry}", $subscriptions);
addUserHistory($email, 'Change', $history_entry);
} else {
$ok = 0;
}
}
} else {
$ok = 1;
}
if ($ok) {
print '<h3>' . $GLOBALS['strPreferencesUpdated'] . '</h3>';
if ($emailchanged) {
echo $strPreferencesEmailChanged;
}
print '<br/>';
if ($_GET['p'] == 'preferences') {
#0013134: turn off the confirmation email when an existing subscriber changes preference.
function addEmailToBlackList($email, $reason = '', $date = '')
{
if (empty($date)) {
$sqldate = 'now()';
} else {
$sqldate = '"' . $date . '"';
}
#0012262: blacklist only email when email bounces. (not users): Function split so email can be blacklisted without blacklisting user
Sql_Query(sprintf('insert ignore into %s (email,added) values("%s",%s)', $GLOBALS['tables']["user_blacklist"], sql_escape($email), $sqldate));
# save the reason, and other data
Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"], sql_escape($email), "reason", addslashes($reason)));
foreach (array("REMOTE_ADDR") as $item) {
# @@@do we want to know more?
if (isset($_SERVER[$item])) {
Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"], addslashes($email), $item, addslashes($_SERVER[$item])));
}
}
addUserHistory($email, s('Added to blacklist'), s('Added to blacklist for reason %s', $reason));
## call plugins to tell them
if (isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins'])) {
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
if (method_exists($plugin, "blacklistEmail")) {
$plugin->blacklistEmail($email);
}
}
}
}
}
$current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables["user"], $userid));
$current_data = array_merge($current_data, getUserAttributeValues('', $userid));
$information_changed = 0;
foreach ($current_data as $key => $val) {
if (!is_numeric($key)) {
if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != "password" && $key != "modified") {
$information_changed = 1;
$history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n";
}
}
}
if (!$information_changed) {
$history_entry .= "\nNo user details changed";
}
addUserHistory($user["systemvalues"]["email"], "Import by " . adminName(), $history_entry);
}
#add this user to the lists identified, except when they are blacklisted
$isBlackListed = isBlackListed($user["systemvalues"]["email"]);
if (!$isBlackListed && is_array($_SESSION["lists"])) {
reset($_SESSION["lists"]);
$addition = 0;
$listoflists = "";
while (list($key, $listid) = each($_SESSION["lists"])) {
$query = "replace INTO " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())";
$result = Sql_query($query, 1);
# if the affected rows is 2, the user was already subscribed
$addition = $addition || Sql_Affected_Rows() == 1;
$listoflists .= " * " . listName($key) . "\n";
# $_SESSION["listname"][$key] . "\n";
}
<?php
if (empty($_SESSION['last_addemail'])) {
$_SESSION['last_addemail'] = 0;
}
if (!empty($_GET['email'])) {
$delay = time() - $_SESSION['last_addemail'];
if ($delay > ADD_EMAIL_THROTTLE) {
$_SESSION['last_addemail'] = time();
Sql_Query(sprintf('insert into %s (email,uniqid,htmlemail,entered) values("%s","%s",1,now())', $GLOBALS['tables']['user'], sql_escape($_GET['email']), getUniqid()), 1);
addUserHistory($_GET['email'], 'Added by ' . adminName(), '');
$status = $GLOBALS['I18N']->get('Email address added');
} else {
# pluginsCall('processError','Error adding email address, throttled');
foreach ($GLOBALS['plugins'] as $plname => $plugin) {
$plugin->processError('Add email throttled ' . $delay);
}
$status = $GLOBALS['I18N']->get('Adding email address failed');
}
}
function processBounce($link, $num, $header)
{
global $tables;
$headerinfo = imap_headerinfo($link, $num);
$body = imap_body($link, $num);
$msgid = 0;
$user = 0;
preg_match("/X-MessageId: (.*)/i", $body, $match);
if (is_array($match) && isset($match[1])) {
$msgid = trim($match[1]);
}
if (!$msgid) {
# older versions use X-Message
preg_match("/X-Message: (.*)/i", $body, $match);
if (is_array($match) && isset($match[1])) {
$msgid = trim($match[1]);
}
}
preg_match("/X-ListMember: (.*)/i", $body, $match);
if (is_array($match) && isset($match[1])) {
$user = trim($match[1]);
}
if (!$user) {
# older version use X-User
preg_match("/X-User: (.*)/i", $body, $match);
if (is_array($match) && isset($match[1])) {
$user = trim($match[1]);
}
}
# some versions used the email to identify the users, some the userid and others the uniqid
# use backward compatible way to find user
if (preg_match("/.*@.*/i", $user, $match)) {
$userid_req = Sql_Fetch_Row_Query("select id from {$tables["user"]} where email = \"{$user}\"");
if (VERBOSE) {
output("UID" . $userid_req[0] . " MSGID" . $msgid);
}
$userid = $userid_req[0];
} elseif (preg_match("/^\\d\$/", $user)) {
$userid = $user;
if (VERBOSE) {
output("UID" . $userid . " MSGID" . $msgid);
}
} elseif ($user) {
$userid_req = Sql_Fetch_Row_Query("select id from {$tables["user"]} where uniqid = \"{$user}\"");
if (VERBOSE) {
output("UID" . $userid_req[0] . " MSGID" . $msgid);
}
$userid = $userid_req[0];
} else {
$userid = '';
}
Sql_Query(sprintf('insert into %s (date,header,data)
values("%s","%s","%s")', $tables["bounce"], date("Y-m-d H:i", @strtotime($headerinfo->date)), addslashes($header), addslashes($body)));
$bounceid = Sql_Insert_id();
if ($msgid == "systemmessage" && $userid) {
Sql_Query(sprintf('update %s
set status = "bounced system message",
comment = "%s marked unconfirmed"
where id = %d', $tables["bounce"], $userid, $bounceid));
logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, user marked unconfirmed"));
addUserHistory($user, $GLOBALS['I18N']->get("Bounced system message"), "\n <br/>" . $GLOBALS['I18N']->get("User marked unconfirmed") . "\n <br/><a href=\"./?page=bounce&id={$bounceid}\">" . $GLOBALS['I18N']->get("View Bounce") . "</a>\n\n ");
Sql_Query(sprintf('update %s
set confirmed = 0
where id = %d', $tables["user"], $userid));
} elseif ($msgid && $userid) {
Sql_Query(sprintf('update %s
set status = "bounced list message %d",
comment = "%s bouncecount increased"
where id = %d', $tables["bounce"], $msgid, $userid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["message"], $msgid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["user"], $userid));
Sql_Query(sprintf('insert into %s
set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
} elseif ($userid) {
Sql_Query(sprintf('update %s
set status = "bounced unidentified message",
comment = "%s bouncecount increased"
where id = %d', $tables["bounce"], $userid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["user"], $userid));
} elseif ($msgid === 'systemmessage') {
Sql_Query(sprintf('update %s
set status = "bounced system message",
comment = "unknown user"
where id = %d', $tables["bounce"], $bounceid));
logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, but unknown user"));
} elseif ($msgid) {
Sql_Query(sprintf('update %s
set status = "bounced list message %d",
comment = "unknown user"
where id = %d', $tables["bounce"], $msgid, $bounceid));
Sql_Query(sprintf('update %s
set bouncecount = bouncecount + 1
where id = %d', $tables["message"], $msgid));
} else {
Sql_Query(sprintf('update %s
set status = "unidentified bounce",
comment = "not processed"
where id = %d', $tables["bounce"], $bounceid));
return false;
}
return true;
}
